SketchVisor: Robust Network Measurement for Software Packet Processing

Slides:



Advertisements
Similar presentations
Semantics and Evaluation Techniques for Window Aggregates in Data Streams Jin Li, David Maier, Kristin Tufte, Vassilis Papadimos, Peter A. Tucker SIGMOD.
Advertisements

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,
Robust Network Compressive Sensing Lili Qiu UT Austin NSF Workshop Nov. 12, 2014.
Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.
Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.
1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.
1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.
Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.
Reverse Hashing for Sketch Based Change Detection in High Speed Networks Ashish Gupta Elliot Parsons with Robert Schweller, Theory Group Advisor: Yan Chen.
Dream Slides Courtesy of Minlan Yu (USC) 1. Challenges in Flow-based Measurement 2 Controller Configure resources1Fetch statistics2(Re)Configure resources1.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Hash, Don’t Cache: Fast Packet Forwarding for Enterprise Edge Routers Minlan Yu Princeton University Joint work with Jennifer.
Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology USENIX Security '08 Presented by Lei Wu.
SIGCOMM 2002 New Directions in Traffic Measurement and Accounting Focusing on the Elephants, Ignoring the Mice Cristian Estan and George Varghese University.
Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College.
NetPilot: Automating Datacenter Network Failure Mitigation Xin Wu, Daniel Turner, Chao-Chih Chen, David A. Maltz, Xiaowei Yang, Lihua Yuan, Ming Zhang.
CEDAR Counter-Estimation Decoupling for Approximate Rates Erez Tsidon Joint work with Iddo Hanniel and Isaac Keslassy Technion, Israel 1.
Resource/Accuracy Tradeoffs in Software-Defined Measurement Masoud Moshref, Minlan Yu, Ramesh Govindan HotSDN’13.
1 LD-Sketch: A Distributed Sketching Design for Accurate and Scalable Anomaly Detection in Network Data Streams Qun Huang and Patrick P. C. Lee The Chinese.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.
Efficient Cache Structures of IP Routers to Provide Policy-Based Services Graduate School of Engineering Osaka City University
Robust Principal Components Analysis IT530 Lecture Notes.
SCREAM: Sketch Resource Allocation for Software-defined Measurement Masoud Moshref, Minlan Yu, Ramesh Govindan, Amin Vahdat (CoNEXT’15)
REU 2009-Traffic Analysis of IP Networks Daniel S. Allen, Mentor: Dr. Rahul Tripathi Department of Computer Science & Engineering Data Streams Data streams.
Spark on Entropy : A Reliable & Efficient Scheduler for Low-latency Parallel Jobs in Heterogeneous Cloud Huankai Chen PhD Student at University of Kent.
Continuous Monitoring of Distributed Data Streams over a Time-based Sliding Window MADALGO – Center for Massive Data Algorithmics, a Center of the Danish.
BUFFALO: Bloom Filter Forwarding Architecture for Large Organizations Minlan Yu Princeton University Joint work with Alex Fabrikant,
Re-evaluating Measurement Algorithms in Software Omid Alipourfard, Masoud Moshref, Minlan Yu {alipourf, moshrefj,
William Stallings Data and Computer Communications
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
Problem: Internet diagnostics and forensics
Constant Time Updates in Hierarchical Heavy Hitters
Jennifer Rexford Princeton University
Architecture and Algorithms for an IEEE 802
FlowRadar: A Better NetFlow For Data Centers
Computing and Compressive Sensing in Wireless Sensor Networks
New Cache Designs for Thwarting Cache-based Side Channel Attacks
A Study of Group-Tree Matching in Large Scale Group Communications
Augmented Sketch: Faster and More Accurate Stream Processing
Srinivas Narayana MIT CSAIL October 7, 2016
A Framework for Automatic Resource and Accuracy Management in A Cloud Environment Smita Vijayakumar.
Query-Friendly Compression of Graph Streams
Twitter Frenzy FPGA Data Stream Processing
Dingming Wu+, Yiting Xia+*, Xiaoye Steven Sun+,
Optimal Elephant Flow Detection Presented by: Gil Einziger,
Qun Huang, Patrick P. C. Lee, Yungang Bao
Xiaoyang Zhang1, Yuchong Hu1, Patrick P. C. Lee2, Pan Zhou1
SCREAM: Sketch Resource Allocation for Software-defined Measurement
Elastic Sketch: Adaptive and Fast Network-wide Measurements
Elastic Sketch: Adaptive and Fast Network-wide Measurements
Memento: Making Sliding Windows Efficient for Heavy Hitters
Constant Time Updates in Hierarchical Heavy Hitters
Network-Wide Routing Oblivious Heavy Hitters
Heavy Hitters in Streams and Sliding Windows
By: Ran Ben Basat, Technion, Israel
Ran Ben Basat, Xiaoqi Chen, Gil Einziger, Ori Rottenstreich
Catching the Microburst Culprits with Snappy
Author: Yi Lu, Balaji Prabhakar Publisher: INFOCOM’09
A flow aware packet sampling mechanism for high speed links
Lu Tang , Qun Huang, Patrick P. C. Lee
Toward Self-Driving Networks
Toward Self-Driving Networks
Catching the Microburst Culprits with Snappy
Elmo Muhammad Shahbaz Lalith Suresh, Jennifer Rexford, Nick Feamster,
NitroSketch: Robust and General Sketch-based Monitoring in Software Switches Alan (Zaoxing) Liu Joint work with Ran Ben-Basat, Gil Einziger, Yaron Kassner,
2019/11/12 Efficient Measurement on Programmable Switches Using Probabilistic Recirculation Presenter:Hung-Yen Wang Authors:Ran Ben Basat, Xiaoqi Chen,
(Learned) Frequency Estimation Algorithms
NetWarden: Mitigating Network Covert Channels without Performance Loss
Presentation transcript:

SketchVisor: Robust Network Measurement for Software Packet Processing Qun Huang, Xin Jin, Patrick P. C. Lee, Runhui Li, Lu Tang, Yi-Chao Chen, Gong Zhang

Monitoring Traffic Statistics Network management Network-wide flow statistics Traffic distribution Flow cardinality Heavy hitters

Sketch: A Promising Solution Sketch: a family of randomized algorithms Key idea: project high-dimensional data into small subspace High-dimensional data Randomized projection Input data Statistics Subspace Data structure Small subspace: low computation & communication overheads Subspace reflects mathematical properties Strong theoretical error bounds when querying for statistics

Example: Count-Min Sketch Count flow packets Update with a packet Hash flow id to one counter per row Increment each selected counter Query a flow Hash the flow to multiple counters Take the minimum counter as estimated packet count Theoretical guarantees Allocate ⌈ log 2 1 𝛿 ⌉ rows and ⌈ 𝑈 𝜖 ⌉ counters each row The error for a flow is at most 𝜖 with probability at least 1−𝛿 +1 +1 Packet +1 +1 Each element is a counter

Our Focus Sketch-based measurement atop software switches Local sketch Hardware Switches Network-wide sketch

Limitation of Sketches Basic sketches Lack of generality Limited query More structures Complicated sketches

Our Contributions SketchVisor: Sketch-based Measurement System for Software Packet Processing Performance Catch up with underlying packet forwarding speed Resource efficiency Consume only limited resources Accuracy Preserve high accuracy of sketches Generality Support multiple sketch-based algorithms Simplicity Automatically mitigate performance burdens of sketches without manual tuning

Architecture: Double-Path Design Control plane Network-wide sketch Merge two paths Recover lost information Transparent to users Network-wide merge & recovery Global normal path Global fast path Data plane Switches To control plane Local normal path Local fast path User-defined sketches High accuracy (Relatively) slower Fast path High speed (Relatively) less accurate General for multiple sketches Sketch 1 Sketch 2 Fast path algorithm Sketch 3 Sketch 4 Buffer Packets Forwarding

Key Questions Data plane: how to design the fast path algorithm? Control plane: how to merge the normal path and fast path?

Intuitions Consider sketches which map flow byte counts into counters Other sketches (e.g., Bloom Filter) can be converted Each large flow has significant impact Large Flows Many Small Flows Flows Sketch counters Each small flow has limited impact Aggregated impact of small flows is significant

Fast Path Algorithm How Easy Ideal algorithm Our practical algorithm ? Per-flow byte count of large flows Aggregated byte count of small flows Our practical algorithm Infeasible with limited resources How (Approximate) per-flow byte count of large flows (Approximate) aggregated byte count of small flows ? Easy Byte of small flows = total byte – byte of large flows

Approximate Tracking of Large Flows A small hash table “Guess” and kick out potentially small flows when table is full Each flow has three counters Estimated errors due to flow kick-outs Byte count Flow 1 4 Flow 2 1 Flow 3 2 Flow ID Counter 1 Counter 2 Counter 3

Performance and Accuracy Theoretical analysis shows: All large flows are tracked Amortized O(1) processing time per packet Bounded errors Compared to Misra Gries top-k algorithm

Key Questions Data plane: how to design a fast path algorithm? Control plane: how to merge the normal path and fast path?

Control Plane: Challenge Input insufficient to form network-wide sketches Global normal path Input 1: Incomplete sketch with missing values Expected output: Network-wide sketch Network-wide recovery Global fast path Flow 1 4 Flow 2 1 Flow 3 2 Flow ID Counter 1 Counter 2 Counter 3 Input 2: Approximate large flows in fast path Total byte count Input 3: Total byte counts in fast path

Matrix Interpolation Problem The recovery process can be expressed as Large flows in fast path (unknown) Expected output sketch (unknown) T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown)

Matrix Interpolation Problem Based on theoretical analysis and microbenchmarks Large flows in fast path (unknown) Expected output sketch (unknown) T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown)

Matrix Interpolation Problem Based on theoretical analysis and microbenchmarks (low-rank structure) Large flows in fast path (unknown) Expected output sketch (unknown) T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown)

Matrix Interpolation Problem Based on theoretical analysis and microbenchmarks (1. sparse vector) (low-rank structure) (2. each flow is bounded) Large flows in fast path (unknown) Expected output sketch (unknown) T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown)

Matrix Interpolation Problem Based on theoretical analysis and microbenchmarks (1. sparse vector) (low-rank structure) (2. each flow is bounded) Large flows in fast path (unknown) Expected output sketch (unknown) T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown) (small and close values)

Matrix Interpolation Problem Based on theoretical analysis and microbenchmarks (1. sparse vector) (low-rank structure) (2. each flow is bounded) Large flows in fast path (unknown) Expected output sketch (unknown) Total traffic is known T = N + sk(x + y) Sketch in global normal path (known) Small flows in fast path (unknown) (small and close values)

Recovery Approach An estimated network-wide sketch Existing Information T = N + sk(x+y) T has low-rank structure values in y are small and close x is sparse Flows in x are bounded Total traffic of x and y is known Compressive sensing framework Optimization problem (encode existing information) Solve optimization problem An estimated network-wide sketch

Evaluation

Evaluation Setup Prototype based on OpenVSwitch Environments Testbed: 8 OVS switches connected by one 10Gbps hardware switch In-memory simulation: 1 – 128 simulation processes Workloads: CAIDA Measurement tasks Heavy hitter detection Heavy changer detection Superspreader detection DDoS detection Cardinality estimation Entropy estimation Flow distribution estimation

Throughput Compared with two data plane approaches NoFastPath: use only Normal Path to process all traffic MGFastPath: use Misra-Gries Algorithm to track large flows in Fast Path Achieve ~10 Gbps in testbed (single CPU core) Achieve ~20 Gbps in simulation (single CPU core)

Accuracy Compare with four recovery approaches Ideal: an oracle to recover the perfect sketch NR: no recovery at all LR: only use lower estimate of large flows in Fast Path UR: only use upper estimate of large flows in Fast Path SketchVisor matches the ideal approach

Network-wide Results Recover sketch from 1-128 hosts Accuracy improved as number of hosts increases Work for both byte-based tasks (heavy hitter detection) and connection-based tasks (cardinality estimation)

Conclusion SketchVisor: high-performance system for sketch algorithms Double-path architecture design Slower and accurate sketch channel (normal path) Fast and less accurate channel (fast path) Fast path algorithm in data plane General and high performance Recovery in control plane Achieve high accuracy using compressive sensing Implementation and evaluation OpenVSwitch based implementation Trace-driven experiments

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.